Cyber Security Awareness and Vulnerabilities Blog

Demands on organizations continue to intensify – the precarious balance of requests for more access with the need to be more secure is difficult to maintain. Additionally, all of this is to be achieved faster, with fewer resources. It is more important than…

Read More

Through penetration testing, you can proactively identify the most exploitable security weaknesses before someone else does. However, there’s a lot more to it than the actual act of infiltration. Pen testing is a thorough, well thought out project that consists of several phases.…

Read More

Learn how Mirai works, what its newest features are, and how you can protect your organization from this destructive malware strain. 

Read More

The Internet of Things (IoT) stands to have a tremendous impact on business – and life – as we know it. Gartner estimates that by 2020 the IoT will grow to 26 billion units installed, and IoT product and service suppliers will generate…

Read More

Advanced Persistent Threats (APTs) are a cybercrime category directed at business and political targets. APTs require a high degree of stealth over a prolonged duration of operation in order to be successful. The attack objectives typically extend beyond immediate financial gain, and compromised…

Read More

In a previous blog post, I described how I bypassed the patch for the first fix for CVE-2018-15422. That bypass was also discovered by other researchers as well. You can check that out in Cisco’s updated advisory. Now, WebExec was the name given to…

Read More

What is Penetration Testing? Penetration testing is a direct test of an application, a device, a website, an organization, and even the people that work at an organization. It first involves attempting to identify and then attempting to exploit different security weaknesses that can…

Read More

As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A…

Read More

These days it seems like there are security solutions for almost everything except, the one thing you can never fully secure - humans. But, while you can’t control everything they open or click on, you can control their access to your sensitive data.…

Read More

Identity Governance and Administration is a complex and growing, set of solutions that are put in place to help your organization stay compliant with government or industry regulations and, perhaps more importantly, help secure your organization. However, with every new solution, there are…

Read More